FireEye 2013 Advanced Threat Report on APTs campaigns

FireEye issued the 2013 Advanced Threat Report, the study provides a high-level overview of the computer network attacks by APTs discovered by the company.

 

Today I desire to analyze with you the data proposed by FireEye in the 2013 Advanced Threat Report (ATR), the study provides a high-level overview of the computer network attacks discovered by the company during 2013. The 2013 Advanced Threat Report (ATR) is focused on the advanced persistent threat (APT) evolution, it provides data on means and methods of attackers giving particular attention to state-sponsored operations.

The APT identified are responsible for long term campaigns of high complexity mainly oriented to intellectual property theft, large-scale cyber espionage, and attacks against critical infrastructures.

The experts at FireEye collected data from the FireEye® Dynamic Threat Intelligence™ (DTI) cloud, key figures of the report are:

• 39,504 cyber security incidents
• 17,995 malware infections
• 4,192 APT incidents
• 22 million command and control (CnC) communications
• 159 APT-associated malware families
• CnC infrastructure in 206 countries and territories

The experts discovered control server all over the world, a widespread offensive that caused 4,192 incidents. The top APT targets in 2013 includes of course US, South Korea and Canada, surprising is that Canada with US and Germany was hit by the highest number of unique malware families.

To improve the efficiency of their operations the attackers used zero-day exploits mainly targeting Java solutions and Internet Explorer (IE), during 2013 FireEye discovered eleven zero-day attacks. The attacks against the Microsoft browser were used in watering hole attacks against US government websites.

Education, Finance, and High-Tech were the top overall targets as you can note “Government” is not among the top, despite it was targeted by the highest number of unique malware families.

The APTs are adapting their strategy to the increased level of awareness on security, Web-based attacks, and social media were often preferred to spear phishing.

As remarked in conclusion of the Advanced Threat Report (ATR), the landscape of cyber security is rapidly evolving and it’s hard to predict the evolution of cyber threats despite the following trends appear outlined:

• Java zero-days may be less prevalent.
• In 2014, browser-based vulnerabilities may be more common. Attackers are becoming increasingly comfortable with bypassing ASLR in browsers, and, in contrast to Java and classic input-parsing vulnerabilities, the discovery of browser-based zero-days has not slowed.

Enjoy the reading!

Pierluigi Paganini

(Security Affairs –  APT, 2013 Advanced Threat Report (ATR))